Gateway log in system with user friendly combination lock

ABSTRACT

User friendly gateway log-in system for validation of a user&#39;s identity for entry into a master security website that provides a gateway to a plurality of different subscriber websites includes: (a) a plurality of user computers; (b) an internet; (c) a host server connected to the internet for connection to user computers; and (d) a website program hosted on the host server for a website that requires individual user security, for connecting each of the plurality of computers to the website available to the user computers, that includes an open log in field. The program has software for secured activity for receiving and recognizing a unique user identification from a user of a user computer to create a personal combination lock rule for a unique easy-to-remember user initialization input that includes a preset selection and operation of the intersection of a first randomly arranged challenge presentation and a second randomly arranged challenge presentation to obtain a selection solution. Successful solution by a user provides access to the gateway for entry into any subscriber-website without website-specific log-in.

BACKGROUND OF INVENTION

a. Field of Invention

The invention relates generally to log-in systems to open up a masterwebsite with a gateway for easy access to any of a plurality ofsubscriber websites, without website-specific log-in. The system has asingle log-in for the master website that is based on user friendly,easy to remember, steps. More specifically, the present invention systemutilizes a gateway master website log-in that is a dual intersectingchallenge presentation to solve with a secret user rule to obtain webaccess. One of the challenge presentations is an array of alphanumericcharacters and the other may be any set of differentiating items thatintersect (overlap) the first. Thus, the second challenge presentationcould be positional indicia, colors, shapes, things, etc.

b. Description of Related Art

The following patents are representative of a log in system:

U.S. Pat. No. 7,073,067 B2 to Len L. Mizrah describes an authenticationserver that provides a clue to a client indicating a random partialsubset of a full pattern that characterizes a full digitized path on aframe of reference, and the client enters a data to fulfill anauthentication factor suggested by the clue. The full pattern consistsof an ordered set of data fields, which store parameters that specifythe full digitized path on a reference grid for recognition. The serverpresents an instance of a graphical representation of the frame ofreference, including an array of random indicators at data fieldcoordinates in the frame of reference. The server accepts indicatorsfrom the array of indicators corresponding to coordinates along saiddigitized path identified by the random partial subset as input data tofulfill the authentication factor.

U.S. Pat. No. 7,073,055 to Micheal Freed et al. describes a system andmethods for providing distributed and dynamic network services to remoteaccess users. One of the methods includes providing a first certificatefor requesting dynamic network services by a user network entity, and atleast one second certificate for requesting static network services bythe user network entity. According to one method, a user of the usernetwork entity may generate a first message to request dynamic networkservices from a network service provider entity. For example, the firstmessage may include the first certificate, a digital signature generatedwith a private encryption key associated with the certificate and listof network service that the user whishes to set up dynamically. In oneembodiment, when the network service provider entity receives the firstmessage, the network service provider entity verifies the authenticityof the first certificate and, if the first certificate is authentic, thenetwork service provider entity configures a network connection betweenthe user network entity and a network based on the network servicesrequested by the user in the first message.

U.S. Pat. No. 7,059,516 B2 to Shinako Matsuyama et al. describes aperson authentication system, a person authentication method, aninformation processing apparatus, and a program providing mediumauthenticate a person who uses an information apparatus in datacommunication. A person authentication certificate storing a templatewhich includes person authentication data is used in the personauthentication system. A person authentication execution entity checksthe validity of the certificate on the basis of a certificate expirationdate, a certificate usage number limit, or a template expiration date inperson authentication processing on the basis of the certificate. Theperson authentication is executed by comparing the template withsampling information input by a user if the validity is confirmed. Aperson identification certificate authority updates the certificate orthe template according to the request of the authenticated person.

U.S. Pat. No. 7,062,707 B1 to Christopher L. Knauft et al. describes asystem and method of generating index information for electronicdocuments. The system includes a client and one or more informationretrieval (IR) engines, such as a search engine, which are each incommunication with each other via a network.

U.S. Pat. No. 7,007,168 B1 to Takeshi Kubo et al. describes anauthentication apparatus, coordinates input from a coordinate detectorvia a plurality of discontinuous holes or openings, cutouts or marksprovided on a member which is used to specify the coordinates aredetected, and an authentication is made based on a comparison result ofthe detected coordinates and a plurality of registered coordinates.

U.S. Pat. No. 6,934,860 B1 to Richard J. Goldstien describes a system,method and articles of manufacture are provided for password protectinguser access to a computer system. One or more images are displayed to auser. The user is then required to perform a sequence of actionsinvolving the images. The performed sequence of actions is compared witha predefined sequence of actions. If the performed sequence of actionsmatches the predefined sequence of actions, user access is permitted.

U.S. Pat. No. 6,332,192 B1 to Marc D. Boroditsky et al. describes aninvention that features a method for providing a user access to a secureapplication. The invention stores in an encrypted form the form theauthentication information necessary to satisfy the authenticationrequirements of the secure application. When the user requests access tothe secure application, the user is presented at his or her display witha request for authentication. The user must manipulate at least aportion of the symbol to respond properly to the authentication request.The user's manipulation(s) of the symbol(s) generate a CodeKey used todecrypt the encrypted stored authentication information into a result.After the result is created, it is provided to the secure application.If the result support's the secure application's authenticationrequirements (i.e., if the CodeKey has properly decrypted the encryptedstored authentication information), the user will be granted access tothe secure application. The invention therefore provides a simple,secure and effective method for user to gain access to a multitude ofsecure applications without having to recall a series of complicatedpasswords.

U.S. Pat. No. 6,209,104 B1 to Reza Jalili describes an invention that isa secure data entry and visual authentication system that allows a userto securely input and communicate data, including passwords. The systemincludes a client subsystem, a server subsystem and a communicationsubsystem. Server subsystem generates a pseudorandomly arranged displayimage including a plurality of icons associated with data, and transmitssaid display images to client subsystem for display on a display device.A user consecutively selects at least one said icons corresponding todata desired to be input. Selected icon location information for thoseselected icons is communicated by client subsystem to server subsystem,which then compares that selected icon location information to iconlocation information and associated data stored in memory to ascertainthe data input by the user.

United States Patent No. 2002/0053035 A1 to Daniel Schutzer describes amethod and system for strong, convenient authentication of a web usermakes use, for example, of a computing device, such as a user's personalcomputer (PC), coupled over a network, such as the Internet, to one ormore servers, such as the host server of an authenticating authority, aswell as one or more databases of the authenticating authority. Theauthentication process is broken into three phases, namely aregistration phase, an enrollment phase, and a transactionauthentication phase, with each phase being less intrusive and lesssecure than the preceding phase. In the registration phase, anauthenticating authority registers the user based upon identification ofthe user using strong authentication technique and provides anauthenticating token to the user, which can be used in the enrollmentphase to enroll one or more user devices for the user. Thereafter, inthe transaction authentication phase, the authenticating authority canauthenticate the user for a transaction based on presentation by theuser of a user password via the enrollment user device.

United States Patent No. 2002/0029341 A1 to Ari Juels et al. describesan enrollment and authentication of a user based on a sequence ofdiscrete graphical choices is described. A graphical interface presentsvarious images and memory cues that a user may associate with theiroriginal graphical choices. Enrollment may require the input to have asecurity parameter value that meets or exceeds a threshold. Anacceptable sequence of graphical choices is converted to a sequence ofvalues and mapped to a sequence of codewords. Both a hash of thesequence of codewords and a sequence of offsets are stored for use inauthentication the user. An offset is the difference between a value andits corresponding codeword. Authentication requires the user to enteranother sequence of discrete graphical choices that is approximately thesame as original. The offsets are summed with the corresponding valuesbefore mapping to codewords. Authentication requires the sequence ofcodewords, or hash a thereof, to match.

United States Patent No. 2001/0039618 A1 to Tomihiko Azuma describes auser authentication method is provided which can provide high levels ofsecurity without a need for installing any special apparatus on a userover a network. A numeric value randomly produced by a service providingsite is transmitted to a user terminal and a calculation result obtainedby applying the numeric value to a numerical calculation methodmemorized by the user is returned back to the service providing site.The service providing the site judges whether the calculation result isright or wrong to perform a user authentication. There is no need forinstalling any additional device on the service providing site.Information used for the user authentication is not broken, thusavoiding abuse for the user authentication.

Notwithstanding the prior art, the present invention is neither taughtnor rendered obvious thereby.

SUMMARY OF INVENTION

The present invention is a user friendly log in system for validation ofa User's identity for entry into a gateway master website. It includes:(a) a plurality of User computers; (b) an internet and an internetconnection among the plurality of User computers; (c) at least one Hostserver connected to the internet and available for connection to theplurality of User computers; and (d) a Website program for a specificWebsite that requires individual User security, for secured control forconnecting each of the plurality of computers to the website, andconnection portals available to each of the plurality of User computers,including an open log in field, the Website program being hosted on theat least one Host server. The Website and the Website program have means(sufficient hardware and software) to provide user friendly log inprocedures, including software and hardware for: (i) secured means forreceiving and recognizing a unique User identification from a User of aUser computer to create a Personal Combination Lock Rule for a uniqueeasy-to-remember user initialization input that includes a presetselection and operation of the intersection of a first randomly arrangedchallenge presentation and a second randomly arranged challengepresentation to obtain a selection solution; (ii) means for presenting afirst randomly arranged challenge presentation including a plurality ofsets of alphanumeric characters, each set having at least threecharacters, wherein the plurality of sets are arranged in apredetermined pattern and the alphanumeric characters are randomlyarranged with each set; (iii) means for presenting a second randomlyarranged challenge presentation at least partially overlapping the firstrandomly arranged challenge presentation to create plurality ofintersections; (iv) inclusion of a successful selection solutionpertaining to the User's Combination Lock Rule within the at leastpartial overlapping of the first randomly arranged challengepresentation and the second randomly arranged challenge presentation;(v) means for responding to a User selection and operation solutioninput from a User computer when the User input is inputted into the openlog in field; (vi) means for acknowledging the selection operationsolution input of the User and granting access to the website when thesolution input is correct; and, (vii) means for denying access to thewebsite when the User answers the solution input is incorrect. When theinput solution is correct, the user is granted access to the masterwebsite and to a plurality of subscriber websites, allowing the user toselect any subscriber website without website-specific log-in. Theselection may be made by any available mechanism, e.g., transmission ofa signal, one-click, voice activation, etc.

In some preferred embodiments of the present invention user friendly login system, the first randomly arranged challenge presentation is anarray of sets of randomly arranged alphanumeric characters wherein thesets are arranged in rows and columns. However, they need not bearranged in such order, as they may be scattered into random groupingsand/or different in count, such as contained within pictorialrepresentations or silhouettes of objects, e.g. house, car, horse, planeand balloon. They may alternatively be columnized or arranged in anypattern desired. In some preferred embodiments of the present inventionuser friendly log in system, the second randomly arranged challengepresentation is a plurality of visual or audio presentations selectedfrom the group consisting of colors, a numbered sequence, a letteredsequence, shapes, and combinations thereof.

In some preferred embodiments of the present invention user friendly login system, the Combination Lock Rule is given to the User during aninitial set up session and is not presented by the host server at anysubsequent log in time.

In some preferred embodiments of the present invention user friendly login system, the Combination Lock Rule is to identify at least twoalphanumeric characters based on at least two different combinations ofat least one set from the first randomly arranged challenge presentationbased on its intersection with the second randomly arranged challengepattern, and then selection of at least one alphanumeric character fromeach selected set based on positions within the selected set to obtain asolution for solution input.

In some preferred embodiments of the present invention user friendly login system, the Combination Lock Rule is to identify at least twoalphanumeric characters based on at least two different combinations ofat least one set from the first randomly arranged challenge presentationbased on its intersection with the second randomly arranged challengepattern, and then selection of at least one alphanumeric character fromeach selected set based on positions within the selected set to obtain afirst solution for the solution input and subsequently operation on atleast one character of the first solution by mathematical manipulationselected from addition and subtraction.

In some preferred embodiments of the present invention user friendly login system, the second randomly arranged challenge presentation is a setof different colors, one each corresponding to each of the sets in saidfirst randomly arranged challenge pattern. In some preferred embodimentsof the present invention user friendly log in system, the colors arepresented on a screen as color backgrounds highlighting eachalphanumeric set.

In some preferred embodiments of the present invention user friendly login system, the website program includes voice recognition featureswherein a User may proceed through a log in by audio inputs. In somepreferred embodiments of the present invention user friendly log insystem, the website program further includes speak back features so thatboth inputs and outputs are audio.

In some preferred embodiments of the present invention user friendly login system, the colors are spoken colors preceding spoken sets ofalphanumeric characters.

In some preferred embodiments of the present invention user friendly login system, the first and second randomly arranged challenge presentationmay be different each time a website is opened. In some preferredembodiments of the present invention user friendly log in system, thefirst and second randomly arranged challenge presentation change on anopen website after a predetermined time period has elapsed.

In some preferred embodiments of the present invention user friendly login system, the website program further includes presentation of aplurality of different choices of Combination Lock Rules and each newuser is afforded the opportunity to select a Combination Lock Rule atthe initial sign up session. In the alternative, in some other preferredembodiments of the present invention user friendly log in system, thewebsite program includes presentation of one combination lock rule toeach new User at the initial sign up session. The program maysequentially select and assign Rules from an internal collection ofRules and some people will have the same Rule, but no one will knowanyone else's Rule. In yet other preferred embodiments of the presentinvention user friendly log in system, the website program may store asignificant plurality of different Combination Lock Rules and randomlyassigns one to each new User.

In some preferred embodiments of the present invention user friendly login system, the website program has a single Combination Lock Ruleformat, with many different Rules within that format, and only firstrandomly arranged challenge presentation alphanumeric position andsecond randomly arranged challenge presentation choice are changed ineach of the many different Rules within the specific format.

In some preferred embodiments of the present invention user friendly login system, the website program is a subprogram module of the website andmay be programmable to permit a web programmer to customize at least oneof the first and the second randomly arranged challenge presentation.

In some preferred embodiments of the present invention user friendly login system, the website program has open fields for the second randomlyarranged presentation and a website programmer is provided with a choiceof second randomly arranged presentation symbols.

In some preferred embodiments of the present invention user friendly login system, the alphanumeric characters include symbols of foreignlanguages.

The invention solves the problems and overcomes the drawbacks anddeficiencies of prior art log in systems by providing easy to remembersteps that make internet website access to secured sites user friendly.

Additional features, advantages, and embodiments of the invention may beset forth or apparent from consideration of the following detaileddescription, drawings, and claims. Moreover, it is to be understood thatboth the foregoing summary of the invention and the following detaileddescription are exemplary and intended to provide further explanationwithout limiting the scope of the invention as claimed.

Referring now to the drawings, like reference numerals designatecorresponding parts throughout the several views. These drawings bothsummarize and exemplify some preferred embodiments of the presentinvention.

Moreover, it is to be understood that both the foregoing summary of theinvention and the following detailed description are exemplary andintended to provide further explanation without limiting the scope ofthe invention as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are included to provide a furtherunderstanding of the invention and are incorporated in and constitute apart of this specification, illustrate some of the preferred embodimentsof the invention and together with the detail description serve toexplain the principles of the invention. Additional features,advantages, and embodiments of the invention may be set forth orapparent from consideration of the following detailed description,drawings, and claims. In the drawings:

FIGS. 1A, B and C illustrate a block diagram representation of apreferred embodiment of a log in system according to the presentinvention and FIG. 1D represents a master security website screen afteraccess has been granted;

FIG. 2 is a front view of a screen representation of one step in thepresent invention system to show the intersecting challenge presentationand rule concepts;

FIG. 3 is another front view of a screen representation of one step inthe present invention system to show a changing intersecting challengepresentation and with the same rule as in FIG. 2;

FIG. 4 is another front view of a screen representation of one step inthe present invention system to show different intersecting challengepresentation and rule concepts; and,

FIG. 5 is another front view of a screen representation of one step inthe present invention system to show another example of intersectingchallenge presentation and rule concepts.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The present invention involves a user friendly log in system forvalidation of a user's identity for entry into a master security websitethat provides a gateway to a plurality of different subscriber websites.The confirmation is performed using a challenge-response dialog wherethe challenge is an unpredictable, random series of alphanumericcharacters overlapped with a second challenge presentation and theresponse is a short, easily calculated alphanumeric string which isnever the same and whose relationship to the challenge is not easilydeducible.

The invention involves database of Users that includes their unique UserI.D. and their Personal Combo Lock Rule for calculating a response to achallenge, and a website security program that responds to requests foridentification verification from User who has already registered, whichin turn provides User access to the website when the correct solution tothe challenge using the Personal Combo Lock Rule is made by the User.

The User Id is a unique identifier selected by each User specificallyfor use by the system of the present invention. The User needs toremember only this single User I.D. and simple PCL rule (Personal ComboLock Rule) in order to log on to a website with the present inventionsystem.

The PCL Rule is a set of one or more steps that is applied to a set ofalphanumeric and other challenge presentations, resulting in analphanumeric response. The challenge presentations are supplied bywebsite security program and are random. When the User's Rule is appliedto those challenge presentations, it results in an alphanumeric string.Because the program has previously assigned or otherwise provided theUser's Rule to the User, the program knows the Rule, the challengepresentation is in real time and the real time changing solution,corresponding to the User I.D. When the user inputs the correctchallenge solution, access is granted and if not correct, access isdenied. Access takes the User to a screen that offers immediate accessto any subscriber website in the system without site-specific log in.

The Problem

In general, World Wide Web users are members of many differentorganizations and use different URLs to access those organizations. Forexample, a User may be associated with a bank, an insurance company, abook club and an email host. Each of these organizations has a web page,and each one requires that the User “log in” before accessing thatsite's services.

“Logging in” generally consists of entering a previously determined UserI.D. (sometimes an email address), along with a static Password (acombination of alphanumeric characters and symbols) specific to thatsite. The Password is usually obscured to prevent casual observers fromstealing it, while the User I.D. is usually openly displayed.

This paradigm has become a standard on the World Wide Web, and each siteis responsible for maintaining its own User I.D. and Password. Thiscreates several well-known problems, among which are:

-   -   Users use different User I.D.s and/or Passwords for different        sites, and then cannot remember or have trouble keeping track of        which User I.D. and Password combination to use for each site.    -   Users are often assigned difficult illogical passwords, such as        “DINITUTO”, impossible to remember and difficult to type.    -   Users use the same User I.D. and/or Password for different        sites, compromising their security since anyone with access to        that information on one of those sites can use it to access        other sites. A single insecure site might provide a malicious        entity with millions of potential User I.D. and Password        combinations.

There are many different solutions to these problems. Some people useprograms that assign and remember different passwords for differentsites. Others employ rules for modifying a base password in differentways for different sites (e.g., add “bank” to the end of a standardpassword when accessing web sites for banks, etc.). Still othersmaintain lists of sites and passwords that they refer to each time theyvisit a site. The majority of people, however, eschews these morecomplex solutions and simply uses the same static password for manydifferent sites, despite the lack of security this engenders.Alternatively, complex diverse passwords reduce risk, but make recalldifficult.

The Solution

The IWS is used to verify a User's identity. Any web site can call uponthis web service to perform this validation. Thus, no matter how manyweb sites a user is a member of, as long as that web site uses IWS heonly needs to remember a single User I.D. and Personal Formula.

A Website Client must register itself with IWS in order to be able toutilize the verification service. This registration serves to confirmthat the Website Client is a valid web site (as opposed to a maliciousprogram). It also enables IWS to maintain a log of logins and attemptedlogins for every User I.D. If it notices a pattern of attemptedbreak-ins, it can lock down that User I.D. until the user is contacted.It can provide this log to the User and the User can examine it toverify that no one else is using that User I.D.

Each Website Client then need not concern itself with validating auser's identity or assigning and maintaining passwords, etc. Instead,they use IWS to retrieve an internal identifier (e.g., for a bank theymight use an account number) associated with that user's User I.D. inIWS. In order to log a new user on, then, the Website Client wouldaccept a plain text User I.D. from the user, send it to IWS along withthat Website Client's identifying information, and allow IWS to confirmthe User's Identity.

The Personal Formula

A combination lock is a well-known device that requires a User tomemorize a sequence of numbers and then apply that sequence in apredefined manner in order to open the lock. The Online Combination Lock(OCL) similarly requires the User to choose and memorize a sequence ofalphanumeric manipulations which are applied to a set of inputs togenerate a result.

The manipulations that are chosen, memorized and performed mentally bythe User can be trivial, yet still be undeterminable by an observer. Asa simple example, say the random inputs are: 1 7 3, and themanipulations are i) first subtract 1 from the third number to obtain afirst combo number, ii) and then add 2 to the first number to obtain asecond combo number. Using that manipulation, the correct response is23. Anyone knowing rules i) and ii) can calculate the correct responseinstantly in their head. Yet an observer seeing both the inputs and theresults would have no way of inferring the correct Rules. In theexample, the Rules might just as easily have been i) add 1 to the firstdigit, ii) subtract 4 from the second digit—these Rules give the sameresponse, 23. However, given a different set of inputs, the inferredRules would be highly unlikely to produce the same results as thecorrect rules.

Since the challenges supplied to the User are random, the correctresponse is always a different alphanumeric string. There is no passwordto steal. Even if a malicious person or program were to have access toall the inputs and all the correct responses for a particular user(itself an unlikely circumstance, except as noted in Malware below),they would still be unable to reconstruct the correct Rules and be ableto respond correctly to another random challenge to that user.

Of course, that statement is true only if there is sufficient complexityin the inputs. If there are only 3 digits as inputs (as in the trivialexample above), given enough inputs and responses it may be possible todeduce the correct Rules. But the Personal Formula inputs for thisinvention are far more complex, making it impossible to use previousanswers to deduce the rules.

The invention might use six groups of 6 digit numbers as inputs. Thegroups might be colored in a way to make them instantly identifiable,say, Red, Blue, Yellow, Green, Black, and Orange. These groups can bearranged on the page in any order. A Personal Formula might include therule “add 1 to the 4^(th) digit of the Black group”. This is a trivialcalculation for someone who knows the Rule. Yet an observer of both theinputs (36 digits) and the response would never be able to determinewhat Rule was used to calculate the response.

Note that no matter how complex the random inputs are, the PersonalFormula need not ever be complex. Simple arithmetic is sufficient tocreate an unbreakable code. If a User chose a 4 step formula thatresulted in 4 digit numbers (from 0000 to 9999), a malicious attempt tobreak that code would have only a 1 in 10,000 chance of succeedingrandomly. If the random inputs consisted of 6 groups of 6 digits, it isimpossible to reconstruct the simple arithmetic steps used to generatethe correct response, yet it is trivial for a person of averageintelligence to mentally locate the appropriate group and digit, applythe appropriate Rule, and enter the resulting value.

Sample rules:

Add or subtract a digit to or from a particular digit from a particulargroup (known as a pdpg). There are two options here if the resultingnumber is greater than 10: use the whole number (i.e., 6+7=13), or usejust the ones digit (i.e., 6+7=13, use the 3). If the number isnegative, just ignore the negative sign (i.e., 6−7=−1, use 1).

Add two or more pdpgs together (choose non-consecutive digits)

Multiplication or division or some higher function on pdpgs

Pattern-based, for example, if a pdpg is 1-5, use another pdpg,otherwise use a different one

Malware

Certain types of malicious programs can be installed surreptitiously ona computer and then monitor and record everything that occurs on it.Every keystroke, every image, every activity is recorded for lateranalysis. These types of programs, once installed, can instantly breachstandard “static password” security measures. The malicious program canrecord every website, every User I.D. and every password that is enteredon that computer. However, even those programs cannot breach the presentinvention security. If the inputs are sufficiently complex, it ismathematically impossible to deduce the correct PCL rule even givenmultiple examples of inputs and correct responses.

Human Behavior

Generally, the biggest security rise is not unsafe passwords or spywareprograms—it is human behavior. People tend to act carelessly if it suitstheir immediate needs, even if such behavior puts them at long ternrisk. Thus, a husband might give his wife his password over the phone ifhe needs her to do a transaction for him, even though he knows thedanger in giving his private password to anyone. That is why the presentinvention system allows Users to be “sloppy” when they want to be,without compromising the security of the entire system.

The first line of defense against sloppiness is the nature of the PCLRule itself. As simple as it may be to remember, it is not so simple totell someone else your formula and be sure they will get it right.Therefore, people have an incentive not to divulge their PCL Rule.

In some optional present invention systems, the second line of defenseis to give people. an alternative to giving out their password. Thosealternatives are discussed below. They are all designed to allow peopleto do what they will end up doing anyway (giving up some security in thename of short term convenience), but without doing themselves anylasting damage.

Finally, the system will know when people choose to use these short termconveniences, and may choose not to honor the alternative password. Forexample, a bank may not permit access except by Users who prove theyknow the PCL Rule by using it, while a video rental system may allowaccess based on alternatives. Remember, these alternate log ins arestill secure, but they are just slightly less secure than the fullchallenge-response system.

Limited Access Passwords

A user can have any number of Limited Access Passwords, which aresingle-use, static passwords that permit limited access (as defined byindividual software criteria for a given present invention systemoffering this option). Should a particular system allow it, a LimitedAccess Password enables a User to temporarily grant access to someoneelse without giving away their PCL Rule. Often a person wants someoneelse to temporarily have access to some organization; in order tofacilitate this desire without compromising a User's security, the Usercan give out a Limited Access Password specific to a particular limitedaccess. For example, if a User belongs to an online movie rental club,and wants his/her spouse to log in to the account and select a movie,instead of giving the spouse the PCL Rule, the User gives them a LimitedAccess Password, which will only work one time (or perhaps for a limitedlength of time, maybe for one hour). After that, the User will have tocreate a new Limited Access Password or re-enable the old one.

Back Door Passwords

Each User may have a Back Door Password, which is a static passwordknown only to that User. This password can be given as response to achallenge at any time, and has the effect of bypassing the PCL Rulesolution. However, this password can only be used for emergencies, andwill initiate an emergency set of events. For example, it might causethe User to be called on the telephone to confirm their identity. In anycase, it does not bypass the security restrictions, but only permits aUser to engage in emergency actions with this system.

Decoy Rules

A User can have an alternate Personal Rule that is only used foremergencies. This Decoy Rule can be used to generate a correct responseto a challenge, just like the User's actual PCL Rule. However, using theDecoy Rule indicates to the system that something is wrong. For example,if someone is forced to tell another person their PCL Rule (in order toenable identity theft, for example), they can give the person theirDecoy Rule instead. The system will note that the Decoy Rule is beingused and may provide false information and initiate a theft protectionscheme. Therefore, it may allow bank transactions to appear to gothrough, but invalidate them before they are committed. It may displayfinancial information as requested, but modify that financialinformation so that it is not accurate. The exact nature of theprotection scheme, when this option is included in the presentinvention, can vary among systems, but they will all recognize that thereal User does not want the person using the Decoy Rule to have accessrights to any User information.

A User can also use their Decoy Rule as a decoy. If the Decoy Rule iswritten down and someone tries to use it illicitly, their attemptedtheft will be “permitted” but not allowed to do any harm. Ideally, theywon't even know they have used the “wrong” Rule until they are caught.

A User can make their Decoy Rule similar to their PCL Rule, with only asmall difference between them that the User commits to memory, but anobserver will not be aware of That way Users can have a “cheat sheet” tohelp them remember their PCL Rule without compromising its security.

Databases

In some preferred embodiments, the User Information database may consistof the following fields:

User Id A unique alphanumeric string identifying a User. User A set ofdata identifying a person, including their full Information name,address, etc. Personal A sequence of calculations to be performed upon aset of Combo input data. Lock Rule (PCL Rule) Decoy Rule A differentsequence of calculations that produces a different result; using thisRule lets the system know that the person accessing the system is doingso illicitly Back Door A static text string that acts like a “backdoor,” Password allowing limited, emergency access to the system withoutknowing the PCL Rule. Limited A list of single-use, static text stringsthat allow Access limited, emergency access to the system withoutknowing Passwords the PCL Rule.

The website—User Link database consists of the following fields:

Client I.D. A unique alphanumeric string identifying the client. UserI.D. A set of data identifying a software client (usually a web server).

Interactive Setup Wizard

Choosing, remembering and calculating a PCL Rule can be intimidating,especially to those who believe mathematics is difficult. The optionalset up Wizard for first time visits may help a User choose a PCL Rule(making sure that it is not too simple (i.e., the first digit from eachgroup)), then walks the User through remembering it (breaking it upintosections if necessary), and finally it may work the User throughpractice sessions until they are comfortable with their Rule. Thisprocess takes place while communicating directly with the system over asecure Internet connection. It can take place of the course of minutes,hours or days, until the User is comfortable with their PCL Rule and itsuse. With appropriate verification, Users can return to the wizard atany point for refresher courses, or, of course, to change their PCLRule. The Wizard may also recommend Decoy Rules (that diverge from thereal Rule in only 1 or 2 small locations, so they will be easy toremember) and train the User to remember these as well.

The Wizard will also recommend setting up Limited Access Passwords orBack Door Passwords, and suggest schemes for such fixed passwords basedon the answer to questions it asks the User.

Referring now to the drawings, like reference numerals designatecorresponding parts throughout the several views. These drawing bothsummarize and exemplify some preferred embodiments of the presentinvention.

FIGS. 1 A, B and C illustrate a block diagram representation of apreferred embodiment of a log in system according to the presentinvention. In FIGS. 1A and 1B, taken together, block 1 shows a pluralityof User computers connected to a gateway host server (block 3) with thepresent invention website program. Upon a first visit (block 5), theUser provides an I.D. and other optional data and a PCL Rule is assignedto the User (see FIG. 1C below for details).

Once the User has made the first visit to input an I.D. and otherpersonal data and has been trained or provided with User instructionsand has been provided with User's Combo Lock Rule, that Rule will not begiven by the system unless a new sign up or resign up procedure withclearance checks is indicated. Thus, on subsequent visits (block 7), theUser is asked for the User I.D. and is then presented with the twointersecting challenge presentations to which the PCL Rule is applied(block 9). Examples above and below show the details of sample Rules andhow they are applied. This is further exemplified by FIGS. 2 through 5below. When a User provides a correct solution, the master securitywebsite (“MSW”) provides a list of all subscriber websites, and the Usermay select any subscriber website by one click entry without the need touse any website specific log in (block 4). Alternatively, MSW mayprovide a list of sll subscribers and the User may select a list fromthose offered by the MSW (block 6). In yet another option, the MSW isopen to all inputs from the User for a custom list, then a one time login for each is done by the User and then the MSW creates this list forfuture one click entry (block 8).

FIG. 1C indicates the first visit options (block 13) that may be offeredto a User (block 5, FIG. 1B). In many present invention preferredembodiments, the system will automatically assign a PCL Rule. Theassigned Rule may be randomly or logically selected from a storedcollection by the program and the User will have no choice but to acceptthe use of the assigned Rule (block 15). Alternatively, or separately,the system may offer the User an extensive list of Rules and the Usermay select a Rule from that list (block 17). In yet another presentinvention embodiment, the system program may provide Rule parameters andthe User may provide his or her own Rule (block 19). For example, theUser may not be told to select intersect sequences and may optionallyhave one digit or two digit addition step for each intersection. Withthis Rule a User might pick a Red box, third digit, add 6; Blue box,third digit, add 12. The system would accept this Rule, but given theparameter constraints, the User cannot create a Rule with red box, thirddigit, add 1,000 because adding 1,000 is not a two digit addition step.

Once a User has been granted access for providing a correct solution tothe Rule, a screen such as screen 20 of FIG. 1D may offer one click, orvoice and/or any other easy activation for direct entry into theselected website. In FIG. 1D, on screen 20, access has been granted anda single click on any listed site provides instant access to thatsecured website for the User.

FIG. 2 shows a screen 21 with a first challenge presentation, namely,six sets of four digits in each set, and a second challenge presentationthat intersects with the first, namely, Red, Green, Yellow, Blue,Orange, Purple Boxes. Shown below the screen is a previouslycommunicated Rule that the User would have from her first sign upsession. The Rule involves the creation of two digits. The firstsolution digit is the second digit of the Green Box plus 1. The secondsolution digit is the fourth digit of the Blue Box plus 3. By looking atthe screen 21 and finding the Green Box and the second digit therein “3”and adding 1, the first solution digit is 4. By looking at the Blue Box,the fourth digit is “5” and adding 3 yields 8. Therefore, the correctCombination Lock Solution is 48. If a User punches in 48, access will begranted. If no solution or the wrong solution is returned by the User,access is denied.

The screen 21 of FIG. 2 may change every fifteen seconds for example,but the Users Rule would not change. FIG. 3 shows screen 31 with thesame color boxes and six sets of four digits, as in FIG. 2, but thecolor positions have changed and the digits have changed when the Userapplies her Rule to this screen, the Combination Lock Solution is 95. Insome embodiments, the screen may not change periodically but may bedifferent each time that the homepage is opened. In either case, thecritical challenge presentations are always different, the Rule is knownonly by the User and the solution changes. Thus, it is impossible ornearly impossible for a third party intruder to make any sense of whatin transpiring or to use the current Combination Lock Solution forfuture access.

FIG. 4 shows a screen 41 for a different present invention systemwherein the first challenge presentation is made up of sets of fivecharacters each. The second challenge presentation is shownschematically, but in reality may be outlines or highlighted picturepresentations of Walt Disney characters such as Mickey Mouse and DonaldDuck. The previously communicated PCL Rule is shown below thepresentations and the solution for screen 41 is “MEO”.

FIG. 5 shows yet a different present invention screen 51. The firstchallenge presentation is a collection of words (each word is a set andeach letter of the word is a character of the set). The second challengepresentation is the position or number of each word. The PCL Rule isshown below the screen and its solution is “CMB” for this particularscreen. If a User punches in “CMB” access will be granted. If nosolution or the wrong solution is returned by the User, access isdenied.

Although particular embodiments of the invention have been described indetail herein with reference to the accompanying drawings, it is to beunderstood that the invention is not limited to those particularembodiments, and that various changes and modifications may be effectedtherein by one skilled in the art without departing from the scope orspirit of the invention as defined in the appended claims. For example,in addition to direct access by keyboard, mouse, voice activation andvoice recognition, the system may also be used in embodiments whereintelephone, text message, email or other access system is utilized.

User friendly log in system for validation of user for entry into awebsite includes: (a) a plurality of user computers; (b) an internet;(c) a host server connected to the internet for connection to usercomputers; and (d) a website program hosted on the host server for awebsite that requires individual user security, for connecting each ofthe plurality of computers to the website available to the usercomputers, that includes an open log in field. The program has softwarefor secured activity for receiving and recognizing a unique useridentification from a user of a user computer to create a personalcombination lock rule for a unique easy-to-remember user initializationinput that includes a preset selection and operation of the intersectionof a first randomly arranged challenge presentation and a secondrandomly arranged challenge presentation to obtain a selection solution.

1. A user friendly gateway log-in system for validation of a user'sidentity for entry into a master security website that provides agateway to a plurality of different subscriber websites, for instantaccess to any of said different subscriber websites withoutwebsite-specific log-in, which comprises: (a) a plurality of usercomputers; (b) an internet and an internet connection among saidplurality of user computers; (c) at least one host server connected tosaid internet and available for connection to said plurality of usercomputers; (d) a master security website program for a master securitywebsite that includes a gateway for instant access to any of a pluralityof different subscriber websites and that requires individual usersecurity, said program for secured control for connecting each of saidplurality of computers to said any of a plurality of subscriberwebsites, and connection portals available to each of said plurality ofuser computers, including an open log-in field, said master securitywebsite program being hosted on said at least one host server, and saidmaster security website program having means to provide user friendlylog-in procedures, including software and hardware for: (i) securedmeans for receiving and recognizing a unique user identification from auser of a user computer to create a personal combination lock rule for aunique easy-to-remember user initialization input that includes a presetselection and operation of the intersection of a first randomly arrangedchallenge presentation and a second randomly arranged challengepresentation to obtain a selection solution; (ii) means for presenting afirst randomly arranged challenge presentation including a plurality ofsets of alphanumeric characters, each set having at least three saidcharacters, wherein said plurality of sets are arranged in apredetermined pattern and said alphanumeric characters are randomlyarranged with each set; (iii) means for presenting a second randomlyarranged challenge presentation at least partially overlapping saidfirst randomly arranged challenge presentation to create plurality ofintersections; (iv) inclusion of a successful selection solutionpertaining to said user's combination lock rule within said at leastpartial overlapping of said first randomly arranged challengepresentation and said second randomly arranged challenge presentation;(v) means for responding to a user selection and operation solutioninput from a user computer when said user input is inputted into saidopen log-in field; (vi) means for acknowledging said selection operationsolution input of said user and granting access to said plurality ofsubscriber websites when said solution input is correct, allowing saiduser to select any subscriber website without website-specific log-in;and, (vii) means for denying access to said plurality of subscriberwebsites when said user answers said solution input is incorrect.
 2. Theuser friendly gateway log-in system of claim 1 wherein said firstrandomly arranged challenge presentation is an array of sets of randomlyarranged alphanumeric characters wherein said sets are arranged in rowsand columns.
 3. The user friendly gateway log-in system of claim 1wherein said second randomly arranged challenge presentation is aplurality of visual or audio presentations selected from the groupconsisting of colors, a numbered sequence, a lettered sequence, shapes,and combinations thereof.
 4. The user friendly gateway log-in system ofclaim 1 wherein when a user is granted access to said plurality ofsubscriber websites, said plurality of websites are presented in anarrangement to said user for one click access and said user'sidentification is forwarded to a checked website to open said websitefor said user's security thereof.
 5. The user friendly gateway log-insystem of claim 1 wherein said master security website program furtherincludes a program module to permit websites to subscribe to saidprogram to link accessed user identification transfers to said websitesand to bypass security log in procedures for said websites when saidusers enter said websites.
 6. The user friendly gateway log-in system ofclaim 1 wherein said combination lock rule is given to said user duringan initial set up session and is not presented by the host server at anysubsequent log-in time.
 7. The user friendly gateway log-in system ofclaim 1 wherein said combination lock rule is to identify at least twoalphanumeric characters based on at least two different combinations ofat least one set from said first randomly arranged challengepresentation based on its intersection with said second randomlyarranged challenge pattern, and then selection of at least onealphanumeric character from each selected set based on positions withinsaid selected set to obtain a solution for solution input.
 8. The userfriendly gateway log-in system of claim 1 wherein said combination lockrule is to identify at least two alphanumeric characters based on atleast two different combinations of at least one set from said firstrandomly arranged challenge presentation based on its intersection withsaid second randomly arranged challenge pattern, and then selection ofat least one alphanumeric character from each selected set based onpositions within said selected set to obtain a first solution for saidsolution input and subsequently operation on at least one character ofsaid first solution by mathematical manipulation selected from additionand subtraction.
 9. The user friendly gateway log-in system of claim 1wherein said second randomly arranged challenge presentation is a set ofdifferent colors, one each corresponding to each of said sets in saidfirst randomly arranged challenge pattern.
 10. The user friendly gatewaylog-in system of claim 9 wherein said colors are presented on a screenas color backgrounds highlighting each alphanumeric set.
 11. The userfriendly gateway log-in system of claim 1 wherein said master securitywebsite program includes voice recognition features wherein a user mayproceed through a log-in by audio inputs.
 12. The user friendly gatewaylog-in system of claim 11 wherein said master security website programfurther includes speak back features so that both inputs and outputs areaudio.
 13. The user friendly gateway log-in system of claim 7 whereinsaid colors are spoken colors preceding spoken sets of alphanumericcharacters.
 14. The user friendly gateway log-in system of claim 1wherein said first and second randomly arranged challenge presentationmay be different each time a website is opened.
 15. The user friendlygateway log-in system of claim 14 wherein said first and second randomlyarranged challenge presentation change on an open website after apredetermined time period has elapsed.
 16. The user friendly gatewaylog-in system of claim 1 wherein said master security website programfurther includes presentation of a plurality of different choices ofcombination lock rules and each new user is afforded the opportunity toselect a combination lock rule.
 17. The user friendly gateway log-insystem of claim 1 wherein said master security website program includespresentation of one combination lock rule to each new user.
 18. The userfriendly gateway log-in system of claim 17 wherein said master securitywebsite program stores a significant plurality of different combinationlock rules and randomly assigns one to each new user.
 19. The userfriendly gateway log-in system of claim 1 wherein said master securitywebsite program has a single combination lock rule format, and onlyfirst randomly arranged challenge presentation alphanumeric position andsecond randomly arranged challenge presentation choice are changed. 20.The user friendly gateway log-in system of claim 1 wherein said mastersecurity website program is a subprogram module of said website and maybe programmable to permit a web programmer to customize said secondrandomly arranged challenge presentation.
 21. The user friendly gatewaylog-in system of claim 1 wherein said master security website programhas open fields for said second randomly arranged presentation and awebsite programmer is provided with a choice of second randomly arrangedpresentation symbols.
 22. The user friendly gateway log-in system ofclaim 1 wherein said alphanumeric characters include symbols of foreignlanguages.
 23. The user friendly log-in system of claim 1 wherein saidsystem further includes a second combination lock rule that is a decoyrule that utilizes a different selection operation to obtain a differentsolution to which access is denied.
 24. The user friendly log-in systemof claim 1 wherein said system further includes a back door passwordthat allows only a single use access without revealing the personalcombination lock rule.
 25. The user friendly log-in system of claim 1wherein said system further includes a limited access password thatallows third party access on a limited basis without revealing thepersonal combination lock rule.